# HG changeset patch
# User alexc
# Date 1268171410 0
# Node ID 95123a24a580349b5db3d5b086ffad9285b52eba
# Parent  e62f45fd47d4d9de24c40f7ae88410617359047d
aacsbr: Check that bs_num_env is valid before writing arrays with it as an offset.

diff -r e62f45fd47d4 -r 95123a24a580 aacsbr.c
--- a/aacsbr.c	Tue Mar 09 21:46:46 2010 +0000
+++ b/aacsbr.c	Tue Mar 09 21:50:10 2010 +0000
@@ -689,7 +689,6 @@
         num_rel_lead                        = get_bits(gb, 2);
         num_rel_trail                       = get_bits(gb, 2);
         ch_data->bs_num_env                 = num_rel_lead + num_rel_trail + 1;
-        ch_data->t_env[ch_data->bs_num_env] = abs_bord_trail;
 
         if (ch_data->bs_num_env > 5) {
             av_log(ac->avccontext, AV_LOG_ERROR,
@@ -698,6 +697,8 @@
             return -1;
         }
 
+        ch_data->t_env[ch_data->bs_num_env] = abs_bord_trail;
+
         for (i = 0; i < num_rel_lead; i++)
             ch_data->t_env[i + 1] = ch_data->t_env[i] + 2 * get_bits(gb, 2) + 2;
         for (i = 0; i < num_rel_trail; i++)